CVE-2019-12781: Improper Input Validation
An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP.
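
The scheme decision described above, as an added example: this is a simplified model written for this page, not Django's source code and not part of the advisory. The function names, the header tuple and the sample request environments are constructed assumptions; it shows why the redirect is skipped and how a resolver that lets the trusted proxy header decide the scheme restores it.

```python
# Simplified model of scheme resolution behind a TLS-terminating proxy.
# Not Django source: function names and sample environments are constructed.

# Assumed settings, in the (header, secure_value) form SECURE_PROXY_SSL_HEADER uses.
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
SECURE_SSL_REDIRECT = True


def scheme_affected(meta, proxy_header=SECURE_PROXY_SSL_HEADER):
    """Affected behaviour: the proxy header only counts when it matches."""
    header, secure_value = proxy_header
    if meta.get(header) == secure_value:
        return "https"
    # Otherwise fall back to the scheme of the proxy -> Django connection,
    # which is "https" here even though the client used plain HTTP.
    return meta["wsgi.url_scheme"]


def scheme_corrected(meta, proxy_header=SECURE_PROXY_SSL_HEADER):
    """Corrected behaviour: if the trusted header is present, it decides."""
    header, secure_value = proxy_header
    value = meta.get(header)
    if value is not None:
        return "https" if value == secure_value else "http"
    # Header absent: only then use the scheme of the direct connection.
    return meta["wsgi.url_scheme"]


def needs_redirect(scheme):
    """Redirect decision taken when SECURE_SSL_REDIRECT is enabled."""
    return SECURE_SSL_REDIRECT and scheme != "https"


# Constructed request environments; the proxy always reaches Django over HTTPS.
CLIENT_HTTP = {"wsgi.url_scheme": "https", "HTTP_X_FORWARDED_PROTO": "http"}
CLIENT_HTTPS = {"wsgi.url_scheme": "https", "HTTP_X_FORWARDED_PROTO": "https"}
NO_HEADER = {"wsgi.url_scheme": "https"}

if __name__ == "__main__":
    samples = [("client http", CLIENT_HTTP), ("client https", CLIENT_HTTPS),
               ("no header", NO_HEADER)]
    for name, meta in samples:
        print(name,
              "affected redirect:", needs_redirect(scheme_affected(meta)),
              "corrected redirect:", needs_redirect(scheme_corrected(meta)))
```
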